17 lines
684 B
YAML
17 lines
684 B
YAML
---
|
|
prelude: >
|
|
upgrade:
|
|
- A new config option `encryption_key_path` has been added to the DEFAULT
|
|
section to specify the path to the directory containing encryption keys for
|
|
encrypting secret fields in datasource config. The default value
|
|
(/etc/congress/keys) works for most deployments. A new key will be
|
|
automatically generated and placed in the directory specified by the
|
|
config option.
|
|
|
|
security:
|
|
- Secret fields in datasource configuration are now encrypted using Fernet
|
|
(AES-128 CBC; HMAC-SHA256).
|
|
Existing datasources are unaffected. To encrypt the secret
|
|
fields of existing datasources, simply delete and re-add after Congress
|
|
upgrade.
|